Sophos advises steps to counter Petya ransomware
Infection by the recently spreading Petya ransomware, which encrypts files and documents and can also replace the original master boot record (MBR) so Windows will not boot, can be prevented by taking several steps, network security firm Sophos Hungary Kft. says in a press release sent to the Budapest Business Journal.
The steps Sophos highlights include ensuring systems have the latest patches, including the one specified in the Microsoft MS17-010 bulletin. Users are also strongly advised to consider blocking the Microsoft PsExec tool from running on users’ computers.
Sophos also emphasizes the importance of backing up important files regularly on an external storage device that is not connected to the system. This is a generally useful step as anything can happen that damages our files, such as fire, flood, theft, a dropped laptop or even an accidental delete, Sophos warns.
Sophos also offers free use, for non-business purposes, of its Sophos Intercept X and free Sophos Home Premium Beta, which the company says prevents ransomware by blocking the unauthorized encryption of files and sectors on the hard disk.
The Petya ransomware encrypts files and documents on an infected machine, like most ransomware, and also replaces the original master boot record (MBR) of an infected machine so that this computer can no longer boot into Windows, Sophos says. The new boot code displays the ransomware note and explains how to pay the ransom, the company adds.
“We have seen that this new outbreak uses the ‘EternalBlue’ exploit as a way to spread within a network after the initial infection. The exploit attacks the vulnerable Windows Server Message Block (SMB) service, which is used to share files and printers across local networks. Microsoft addressed the issue in its MS17-010 bulletin in March, but the exploit proved instrumental in the spread of WannaCry last month. The new Petya variant can also spread by using a version of the Microsoft PsExec tool in combination with admin credentials from the target computer,” Sophos adds.